"Researchers with Google's Project Zero security team say they've found three flaws with high severity that have yet to be patched."
Although each of the flaws requires an attacker to have access to a targeted Mac, they could all contribute to a successful attempt to elevate privilege levels and take over a machine.
The first flaw, "OS X networkd "effective_audit_token" XPC type confusion sandbox escape," involves circumvention of commands in the network system and may be mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case. The second vulnerability documents "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator." The third one, "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice." includes an exploit related to OS X's kernel structure.
Continued : http://www.cnet.com/news/google-team-finds-three-severe-vulnerabilities-in-apple-os-x/
Google discloses three OS X 0-days
Unpatched Apple Vulnerabilities Latest Google Project Zero Disclosures
Your favorite shows are back!
Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!